Multiple DNS Vulnerabilities affecting over 100 million devices

Published on 15 Apr 2021

Updated on 15 Apr 2021

Security researchers have discovered multiple Domain Name System (DNS) implementation vulnerabilities in four popular TCP/IP network stacks.

Dubbed NAME:WRECK, they affect over 100 million devices running on FreeBSD, IPnet, NetX and Nucleus NET stacks. Vulnerable devices could be subjected to either denial-of-service (DoS) or remote code-execution (RCE) attacks.

The following stacks are affected:

  • FreeBSD version 12.1

  • Nucleus NET version 4.3

  • NetX version 6.0.1

  • IPnet version VxWorks 6.6


Security patches for FreeBSD, Nucleus NET and NetX have been released. Administrators of the affected stacks are advised to apply the patch immediately. Where a patch is not available (i.e. IPnet), administrators are advised to implement the following mitigation measures:

  • Enforce segmentation controls and proper network hygiene measures, such as restricting external communication paths and isolating or containing vulnerable devices in zones, as a mitigating control for devices that cannot be patched or until they can be patched

  • Monitor progressive patches released by affected device vendors

  • Configure devices to rely on internal DNS servers

  • Monitor all network traffic for malicious packets
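
The check below is an added example, not part of the original advisory: it scans flow records for DNS traffic between the isolated device zone and any server other than the approved internal resolvers, which is the condition the segmentation and internal-DNS measures above are meant to prevent. The resolver addresses, the device subnet, the record layout and the sample flows are assumptions constructed for illustration.

```python
import csv
import io
from ipaddress import ip_address, ip_network

# Assumed values for illustration only; substitute your own addressing plan.
INTERNAL_RESOLVERS = {ip_address("10.0.0.53"), ip_address("10.0.1.53")}
DEVICE_ZONES = [ip_network("10.20.0.0/16")]  # segment holding unpatched devices

# Constructed sample flow records: time, src, sport, dst, dport, proto
SAMPLE_FLOWS = """\
2021-04-15T09:00:01Z,10.20.4.17,49152,10.0.0.53,53,udp
2021-04-15T09:00:02Z,10.20.4.17,49153,198.51.100.7,53,udp
2021-04-15T09:00:02Z,198.51.100.7,53,10.20.4.17,49153,udp
2021-04-15T09:00:05Z,10.20.9.3,50000,10.0.1.53,53,tcp
2021-04-15T09:00:07Z,10.30.1.5,40000,203.0.113.9,53,udp
2021-04-15T09:00:09Z,10.20.9.3,50001,192.0.2.10,443,tcp
2021-04-15T09:00:11Z,not-an-ip,1,10.20.9.3,53,udp
"""

def in_device_zone(addr):
    """True if addr belongs to a segment holding vulnerable devices."""
    return any(addr in zone for zone in DEVICE_ZONES)

def find_dns_policy_violations(flow_text):
    """Return (time, device, remote, reason) for DNS flows that bypass internal resolvers."""
    findings = []
    for row in csv.reader(io.StringIO(flow_text)):
        if len(row) != 6:
            continue
        ts, src, sport, dst, dport, proto = (f.strip() for f in row)
        try:
            src_ip, dst_ip = ip_address(src), ip_address(dst)
            sport, dport = int(sport), int(dport)
        except ValueError:
            continue  # skip malformed records rather than abort the scan
        if proto.lower() not in ("udp", "tcp"):
            continue
        # Device in the zone sends a query to a server that is not an approved resolver.
        if dport == 53 and in_device_zone(src_ip) and dst_ip not in INTERNAL_RESOLVERS:
            findings.append((ts, src, dst, "query to unapproved resolver"))
        # DNS response reaches a device in the zone from a non-approved source.
        elif sport == 53 and in_device_zone(dst_ip) and src_ip not in INTERNAL_RESOLVERS:
            findings.append((ts, dst, src, "response from unapproved resolver"))
    return findings

if __name__ == "__main__":
    for finding in find_dns_policy_violations(SAMPLE_FLOWS):
        print(*finding, sep="  ")
```

Any finding means a device in the vulnerable zone is still exchanging DNS traffic with a server outside the approved set, so the resolver configuration or the segmentation rule for that device needs review.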


Researchers have released related open-source tools: 


More information is available here:

https://www.forescout.com/research-labs/namewreck/
https://www.forescout.com/company/resources/namewreck-breaking-and-fixing-dns-implementations/
https://www.bleepingcomputer.com/news/security/name-wreck-dns-vulnerabilities-affect-over-100-million-devices/